Debian Security Advisory

DLA-356-1 libsndfile -- LTS security update

Date Reported: 30 Nov 2015
Affected Packages: libsndfile
Vulnerable: Yes
Security database references:
  In the Debian bugtracking system: Bug 774162, Bug 804445, Bug 804447.
  In Mitre's CVE dictionary: CVE-2014-9496, CVE-2014-9756, CVE-2015-7805.
More information:
  • CVE-2014-9496

    The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

  • CVE-2014-9756

    The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

  • CVE-2015-7805

    Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.